Welcome to In Depth Defense. In Depth Defense LLC is a privately owned Information Security Consulting company owned and operated by Mark Baggett. In Depth Defense specializes in Penetration Testing and Incident Response. At this time In Depth Defense is not accepting any new client work, but we are happy to speak to you and point you to other resources in the community.

Mark Baggett has been active in Information Security for 18+ years. I've served in a variety of roles from software developer to CISO. You can find archives of older blog entries below and read my newer posts on http://www.pauldotcom.com, http://isc.sans.edu and http://pen-testing.sans.org

Monday, May 19, 2008


Over the weekend the Greater Augusta ISSA (Information Systems Security Association) had a Interactive Capture the flag event.   McAfee, ASU and Elliot Davis sponsored the event providing an IPS to monitor the event, facilities and computers for attendees to use.    McAfee also hosted a flag protected by McAfee HIPS and Intrushield which no one was able to get.   But McAfee still awarded the $100 dollar prize to the individual who did capture 7 of the 9 total flags.   Over the 4 hour period I walked attendees through tactics used by our enemies to break into the systems we are paid to protect.   The event was well attended and I think it was well received.   As promised, I am placing links to some of the tools used during the event on this blog.   We may do the event again some time so I am not including the PowerPoint with the "solutions".   The presentation material will be provided to individual attendees via email and by request only.  If you attended and want a copy of the presentation material email me.

Tools Used
Windows TCPDUMP that doesn't require the installation of  Winpcap.   HERE
NESSUS Vulnerability Scanner   HERE
Enum4Linux.pl -  Linux tool that uses Null Sessions to enumerate Windows Users, Groups and Shares  HERE
BackTrack Penetration Testing Bootable CD HERE
At the moment backtrack's official website is down.  Here is an alternate location to download it.